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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

I) D Responsive to communication(s) filed on . 

2a)D This action is FINAL. 2b)M This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 1-46 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-46 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

I I) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)P Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.n Certified copies of the priority documents have been received in Application No. . 



3.Q Copies of the certified copies of the priority documents have been received in this^National Stag^ 
application from the International Bureau (PCT Rule 17.2(a)). 
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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1-5,1 1 -1 5, 1 6-21 ,22-31 ,32-41 and 42-46 are rejected under 35 
U.S.C. 102(e) as being anticipated by Arrow et al. '917(Arrow). 

Per Figure 1, a VPN includes 115-155 and VPN management station 160. To manage 
the configuration or reconfiguration of VPN unit 115 (i.e. a network device) via 160 per 
Figure 1 1 , for example, the management traffic is sent from 160 to 1 15 over the VPN 
itself. 

Therefore, the method of claim 1 comprises the receiving of management traffic 
over the VPN, wherein the managed network device 115 uses the traffic received over 
the VPN from station 160. Per claim 2, the managing includes managing network 
device 115 using secure in-band management due to the use of at least the encryption 
of column 7. Per claim 3, a one or more management port 414 is linked with the VPN 
for management thereof. Per claim 4, a management function (i.e. Figures 5 and 6) 
internal to 1 15 is linked with the VPN via the schematic of Figure 4. Per claim 5, IP 
services are carried out via column 7. 
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Similarly, the claim 11-15 method steps are met by configuring VPN unit 1 15 to 
support a VPN via section 160 and linking a management device 160 and its function 
with the VPN. Per claim 12, the management traffic is carried over the VPN itself. Per 
claim 13, the network device 1 15 is managed using the VPN carried management 
traffic. Per claim 14, the VPN is linked to the management device 160 at, for example, 
the interface 908 connecting 160 to 100. Per claim 15, IP services are carried out, 
supra. 

The network device claims of 16-21 are anticipated via the following 
interpretation. The VPN unit 115, per columns 6-7, performs data traffic routing, and 
thus has a routing and forwarding module to forward packets for the network device, 
and thus configures the network device 1 15 to support a VPN, with a link that links a 
management function with the VPN via port 414. Per claim 17, the routing and 
forwarding module delivers management traffic on the VPN for the network device 115. 
Per claim 18, for example, a management module in 1 15 is seen as the configuration 
data in storage memory 408 when VPN 1 15 is configured or re-configured by station 
160 as set forth by column 10. Per claim 19, an external link at port 414 links the device 
1 1 5 to the VPN. Per claim 20, an internal link via 602 and 408 links the VPN to the 
management function 602 and 408 internal to the network device 115 per Figures 4-6. 
Per claim 21, IP services are addressed supra. 

The claim 22-26 "means+function" are met by the means for receiving 
management traffic over the VPN, at for example, 414, and means for managing the 
network device using the management traffic received over the VPN, at for example, at 
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Figures 4-6. Means for secure in-band management are the encryption, supra. Means 
for linking one or more management ports 414 of VPN 1 15 with the VPN are seen in 
Figure 4 at the "to 100". Means of Figures 4-6 link the internal management function 
with the VPN. Means perform IP services, supra. These claims parallel 1-5. 

The claim 27-31 "means+function" claims parallel claims 11-15, and thus set 
forth a means for configuring a network device 1 15 by station 160 to support a VPN, 
with means linking the management device 160 and its functionality to the VPN via port 
908. The various portion of the VPN and its constituent items set forth the means for 
carrying the management traffic over the VPN. Means for managing the network device 
are seen at Figures 4-6 to manage 1 1 5 using the management traffic over the VPN. 
Means link the VPN to the management device 160 at port 908 using an external link. 
IP services are carried out by the means of the VPN and network itself, supra. 

Per claims 32-41 , machine-readable medium is present to carry out the above 
functions via the computer based VPN. 

Per claims 42-46, note Figure 1 which shows one or more devices 115 and the 
like to configure the VPN with one link to link the VPN to the management device 160, 
the management device 160 facilitating management of the network devices by sending 
management traffic over the VPN itself via the link thereto. Secure in-band 
management is attained via the encryption, supra. The network devices are connected 
via a port to the VPN, supra. Internal management functions link with the VPN, supra. 
IP services are carried out, supra. 
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Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

5. Claims 6-10 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Arrow in view of applicant's admitted prior art (APA). 

Arrow sets forth a substantial portion of the claimed subject matter via the 
anticipation analysis above. The analysis above shows a routing and forwarding 
module to route and forward data on single input and output links to configure the VPN 
and to receive management traffic over the VPN with a management module to receive 
management traffic form the VPN and to manage accordingly. 

APA shows a plurality of input and output data links in Figure 4, with a plurality of 
VPN data input/output links at 422A-C. The purpose of these is to facilitate private 
communications on the particular router or the same modules on other routers. 
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Therefore it would have been obvious to one having ordinary skill in the art at the 
time that the invention was made to modify a VPN unit 1 15 per the teachings of the APA 
Figure 4 so that it is possible to facilitate private communications on the particular router 
or the same modules on other routers. As Arrow has shown the limitations of claims 7- 
10, the same analysis applies to the combined configuration of multiple input and output 
data links. 

Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. The Liu and Hoke et al. and Arrow et al. 751 show similar VPN 
management techniques. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Fritz M Fleming whose telephone number is 703-308- 
1483. The examiner can normally be reached on 9-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jeffrey Gaffin can be reached on 703-308-1483. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). n f Ai 
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Primary Examiner 
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